back to article Six-year-old patched Stuxnet hole still the web's biggest killer

The six-year-old vulnerability first burnt by Stuxnet remains the internet's chief pwning vector and is a key instrument of the world's worst exploit kit known as Angler. The vulnerability is a hole in Windows Shell that is both long since patched and well publicised as part of its discovery in the US' Stuxnet worm, the killer …

  1. John Smith 19 Gold badge

    "Windows versions older than Windows 8 that have not applied the August 2010 patch."

    6 years to patch your PC.

    Wouldn't it be simpler to remove the PC from the person?

    It's clear they have no idea how to use it.

    1. Phil O'Sophical Silver badge

      Re: "Windows versions older than Windows 8 that have not applied the August 2010 patch."

      Probably no person involved, but a forgotten PC, sitting in a dusty cupboard, that has been plodding on with its daily job since it was installed.

  2. Anonymous Coward
    Anonymous Coward

    Patch ID

    The article refers to an August 2010 patch but doesn't name it. A little research on Microsoft Security Bulletin MS10-046 - Critical suggests that the MS Patch KB2286198 should do the trick.

    I checked in my Win7 installation and there was no record of that patch and I run updates manually every month. Maybe it has been superceded. Anyone know anything about this?

    Check Control Panel / Program and Features / View installed updates.

    1. Sandtitz Silver badge

      Re: Patch ID

      The KB2286198 patch was included in Win7 SP1.

      1. Anonymous Coward
        Anonymous Coward

        Re: Patch ID

        Makes it really easy to check doesn't it?!

        1.Determine Patch required.

        2. Find patch ref.

        3. Try to apply patch ref. Only then find out it's superseded or hidden inside another update.

        And they wonder why people have unpatched systems.

        1. asdf

          Re: Patch ID

          No worries Microsoft has decided in the future Win10 on, users no longer have a choice on patches and those fixes will also include lovely Microsoft spyware sorry telemetry. Took a sledgehammer to that problem they did.

  3. fearnothing

    Why is Java singled out as a horror box when it's sitting next to Flash in your sentence? What does that make Flash, the Lament Configuration?

    1. Terje

      I think (think mind you , no data to back this up) that people are more likely to keep flash updated then java. Not sure if oracle have made improvements to the java installer or not, was quite some time since I decided to rid myself of it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like